[Security_sig] Re: Departmental questions resolution...

Philip Peake philip at vogon.net
Wed Aug 17 06:01:54 PDT 2005


>>>> Any separation of duties for sys admin?
>>>
>>> [A] Very rarely.
>>> [B] System level admin, backup admin, file/print admin...these
>>>  are typically all the same.  May find the file/print management
>>> can (and should?) be done by separate admin role (not system admin).
>>>
>>>
>>> --- >Separation of administrative duties such as file/print
>>> administration might be needed, but in practice is rarely used.
>>
>> Yes.
>>
>
> No.  See above discussion.  Expect that enterprise managed services
> (distributed directory, DNS, time, smtp, VPN, routing, etc.) will have
> very separate administrative boundaries from local departmental servers in
> the enterprise.
>
> Granted, when there's only one department, or it's operating as an island,
> the local administrator is god.  But that's not the case in environments
> that have "Data Center" environments, usually.  By the time you have a few
> hundred departments, you've got a central support staff responsible for
> the services that keep things connected.  They delegate access control
> permissions (only) to local administrators.  They MAY delegate account
> creation to the local administrator, too, if there's no ERP system
> (PeopleSoft, for instance) to manage account creations and deactivations.

I think you have been spending too much time with the BIG customers :-)

Yes, the big organizations that have their act togther pretty much have to
have specialised admins for specific functions - broken out along lines of
something like: directory support, OS support, provisioning, desktop
support, server (OS) support, portal support, ERP support, etc, etc.

However, in terms of numbers of organizations, these are relatively few.
They are important in terms of revenue, and so tend to dominate the
thoughts of enterprise suppliers, who like to keep the big profitable
accounts healthy.

As a proportion of organizational IT systems, they are few. Most in the
small to medium range can't carry the overhead associated with running
these sorts of infrastructures.

So the importance of the big, complex IT systems depends upon your point
of view -- HUGELY important to the Novells, IBMs, Intels and Microsofts of
the world.

Going back to the question -- perhaps the simple answer is that there is
not a simple answer to this question -- perhaps it needs to be asked in
sections related to the size/complexity of the IT organizations.

Philip




More information about the security_sig mailing list